The new FlexVNFs include software for DNS security and a secure Web gateway, both designed for secure direct Internet access from the branch. The enhanced FlexVNFs include a 40G per rack unit stateful firewall, a 20G per RU next-gen firewall, and 10G Unified Threat Management (UTM) per RU, all designed to exceed – even double – the performance of hardware-based products.

Versa’s new FlexVNF software-defined security products are targeted at large enterprises looking for easier and faster ways to secure branch offices requiring direct Internet access, and service providers looking to decrease time-to-revenue for new managed security services. They are based on an extensible software-driven architecture that offers service chaining, multitenancy and management from a single pane of glass.

This is in contrast to other software-based virtual security appliances that are loosely integrated in function and management, or siloed. Versa says information security will evolve to become software-defined, like SDNs, where management of security services is abstracted from individual appliances to a policy-based, network-wide scope.

The new security FlexVNFs, DNS security and a secure web gateway, are both key for enabling direct, secure Internet access from the branch, Versa says. DNS security protects against phishing, botnet access, and advanced persistent threats, and augments reputation systems with zero-day validation of domains.

Citing industry research, Versa says branch offices are increasingly becoming a targeted point of entry into corporate networks for hackers, with attack volume growing more than 500% over the last three years.

Deployment options for the Versa products include managed service offerings from service providers, including vCPE, managed SD-WAN and security; and enterprises can use them as the basis for private SD-WANs with security. Versa proposes not only virtualizing security for the branch but software-defining it through NFV, so that many security functions can be layered on elastically and managed centrally.

In SD-WAN, Versa competes with a number of software-defined WAN start-ups and established players: Glue Networks, Viptela, Cloudgenix, Cradlepoint, Talari, Nuage Networks, Silver Peak, VeloCloud, and even Cisco with its Intelligent WAN (IWAN) product line comprised of ISR branch routers and ASR edge routers. In branch security, Versa competes with pure security vendors like Palo Alto Networks, Fortinet and Check Point, as well as established vendors with broader product lines, like Cisco and Juniper Networks.

Versa is co-founded by Kumar and Apurva Mehta, brothers and ex-Juniper Networks engineers who helped build one of that company’s most successful products, the MX edge router. Versa has over $40 million in funding since 2012 from Sequoia, Mayfield and Verizon Ventures, and is addressing a total available market worth over $40 billion.

This story, "SD-WAN startup Versa software defines security" was originally published by
Network World.

Jim Duffy has been covering technology for over 28 years, 23 at Network World. He covers enterprise networking infrastructure, including routers and switches. He also writes The Cisco Connection blog and can be reached on Twitter @Jim_Duffy and at jduffy@nww.com.